What is Dokploy?

Dokploy is a modern open-source platform for server management and application deployment.

The platform's key features include:

• Deployment of various web applications (Node.js, Laravel, WordPress, and others).
• Management of Docker containers through an intuitive web interface.
• Automatic SSL certificate acquisition and renewal.
• Simple custom domain configuration.

This platform is perfect for both DevOps beginners and experienced developers who value the ability to quickly and conveniently deploy projects without the need for routine server configuration operations.

System Requirements for Installation

For successful Dokploy installation, you need a Virtual Private Server (VPS) running Ubuntu 22.04 LTS (64-bit). This version of Ubuntu provides a stable and reliable foundation for your applications.

Minimum server specifications:

• 2 GB RAM,
• 2 CPU,
• 30 GB disk space.

You can order a suitable server from our European data center, taking into account your performance requirements and budget.

Step-by-Step Dokploy Installation Guide

Step 1: Connecting to the Server

After ordering a VPS, you will receive access credentials via email: the server IP address and root user credentials. Establish a connection through the terminal using SSH protocol:

ssh root@SERVER_IP_ADDRESS

Step 2: Creating a Separate User (Optional)

For security reasons, it's recommended to create a separate user for working with Dokploy:

adduser dokploy usermod -aG sudo dokploy

After creating the user, connect under their account:

ssh dokploy@SERVER_IP_ADDRESS

Step 3: Installing the Dokploy Platform

Execute the installation using the official script:

curl -fsSL https://get.dokploy.com | bash

The installation process will take 3 to 7 minutes depending on server specifications and internet connection speed. Once installation is complete, the web management panel will be available at:

http://SERVER_IP_ADDRESS:3000

Step 4: Setting up Domain Name and HTTPS Protocol

To ensure secure connection and ease of use, configure a domain name:

• Create an A record in your domain's DNS settings, pointing to the server IP address.
• In the Dokploy web interface, specify your domain name in the appropriate settings.
• The system will automatically obtain an SSL certificate through Let's Encrypt service.
• After configuration, the management panel will be available at the secure address: https://your-domain.com

Next Steps After Installation

After successful installation and configuration of Dokploy, you'll be able to deploy any web applications — from simple static sites to complex Node.js applications, WordPress content management systems, Laravel projects, and others. All operations are performed through a convenient web interface, while all the logic works based on Docker technologies, but Docker knowledge is not required for basic usage.

Ready to Try Dokploy?

We provide:

• High-performance VPS and dedicated servers optimized for modern deployment platforms
• 24/7 technical support in English and Czech
• Transparent pricing and flexible tariff plans

Submit a request on our website — start working with Dokploy today and experience the advantages of a modern approach to application deployment!

n8n is a modern workflow automation tool that integrates more than 300 different services and platforms. With its help, you can create complex automation scenarios without needing to write code — simply connecting nodes with visual links.

Self-hosting n8n on your own VPS gives maximum control over your automated processes. In this guide, we'll cover installing n8n using Docker — the most practical and scalable deployment method.

System Requirements

For successful installation of n8n, you'll need:

• VPS server with Linux (Ubuntu 22.04 or later is recommended)
• Account with administrative privileges (sudo)
• Docker and Docker Compose
• Minimum 1 GB RAM (2 GB or more recommended)
• Minimum 5-10 GB free disk space (20 GB or more recommended for active use)

Environment Preparation: Installing Docker

Start by connecting to the server via SSH and run the following commands to install Docker:

sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install -y docker-ce docker-compose

Verify the correct installation by checking versions:

docker --version
docker-compose --version

To simplify work, add your user to the docker group:

sudo usermod -aG docker $USER

Quick Installation Using Docker

Creating Persistent Storage

First, create a Docker volume to save n8n settings and data:

docker volume create n8n_data

Running n8n

Execute the command to start the n8n container:

docker run -it --rm \
--name n8n \
-p 5678:5678 \
-v n8n_data:/home/node/.n8n \
docker.n8n.io/n8nio/n8n

After startup, n8n will be available through the browser at:

http://<your_VPS_IP>:5678

PostgreSQL Integration (Extended Configuration — Optional)

n8n initially works with the lightweight SQLite database, which is perfect for development and small projects. However, SQLite has performance limitations under intensive use and doesn't support concurrent operation of multiple processes.

For stable operation in production environment and ensuring scalability, you should switch to PostgreSQL — a professional relational DBMS capable of handling large data volumes and multiple connections.

PostgreSQL Setup

The first step is to deploy PostgreSQL. You can choose one of the following options:

• Installation on the same server.
• Using cloud services (ElephantSQL, AWS RDS, Google Cloud SQL).
• Deployment on a separate server.

Deploying PostgreSQL via Docker

For quick creation of a PostgreSQL instance, use the following command:

docker run --name postgres \
-e POSTGRES_USER=n8n_user \
-e POSTGRES_PASSWORD=supersecret \
-e POSTGRES_DB=n8n \
-p 5432:5432 \
-d postgres

Container parameters:

• n8n_user — database user (you can choose any name),
• supersecret — access password (use a strong password),
• n8n — name of the database to be created.

Connecting n8n to PostgreSQL

After starting PostgreSQL, configure n8n to work with the new database:

docker run -it --rm \
--name n8n \
-p 5678:5678 \
-e DB_TYPE=postgresdb \
-e DB_POSTGRESDB_DATABASE=n8n \
-e DB_POSTGRESDB_HOST=localhost \
-e DB_POSTGRESDB_PORT=5432 \
-e DB_POSTGRESDB_USER=n8n_user \
-e DB_POSTGRESDB_PASSWORD=supersecret \
-v n8n_data:/home/node/.n8n \
docker.n8n.io/n8nio/n8n

Environment variables description:

• DB_TYPE=postgresdb — activates PostgreSQL driver,
• DB_POSTGRESDB_DATABASE=n8n — target database name,
• DB_POSTGRESDB_HOST=localhost — database server host (replace with actual IP for remote deployment),
• DB_POSTGRESDB_PORT=5432 — PostgreSQL connection port,
• DB_POSTGRESDB_USER=n8n_user — user credentials,
• DB_POSTGRESDB_PASSWORD=supersecret — authentication password.

Security Recommendations

Consider the following points when configuring:

• Create unique database and user names.
• Use strong passwords to protect data.
• Verify network accessibility between n8n and PostgreSQL containers.
• When using external PostgreSQL, configure the firewall to allow incoming connections from the n8n server's IP address.

Installation via Docker Compose (Preferred Method)

Docker Compose simplifies container and configuration management. This approach is recommended for permanent operation.

Creating Configuration File

Create a Docker Compose configuration file in the nano text editor by entering the command in terminal:

nano docker-compose.yml

Insert the following configuration into the opened editor:

version: '3'

services:
  n8n:
    image: docker.n8n.io/n8nio/n8n
    restart: always
    ports:
      - "5678:5678"
    environment:
      - GENERIC_TIMEZONE=Europe/Berlin
    volumes:
      - n8n_data:/home/node/.n8n

volumes:
  n8n_data:

Save the file with the keyboard shortcut:

• Ctrl + O (save)
• Enter (confirm)
• Ctrl + X (exit editor)

Managing n8n

Start n8n in background mode:

docker compose up -d

Stop n8n:

docker compose down

Updating n8n to the Latest Version

To update n8n, execute the commands sequentially:

docker compose pull
docker compose down
docker compose up -d

Tunnel Mode: Working with External Webhooks

Purpose of Tunnel

Tunnel mode creates a temporary public HTTPS address for your local server, which is necessary for testing incoming webhooks from external services (Telegram, Stripe, Zapier, etc.), in case you don't have a domain and HTTPS.

Application

This mode is perfect for:

• Debugging webhook integrations
• Testing automation with external services
• Temporary server publication without SSL configuration

Activating Tunnel

docker run -it --rm \
--name n8n \
-p 5678:5678 \
-v n8n_data:/home/node/.n8n \
docker.n8n.io/n8nio/n8n \
start --tunnel

Summary

You've mastered installing n8n on VPS using Docker — a reliable and flexible deployment method. Now you can create automated workflows by integrating popular services: Telegram, Google Workspace, Slack, CRM systems, and hundreds of other platforms.

n8n provides powerful capabilities for:

• Automating routine tasks
• Synchronizing data between systems
• Creating notifications and alerts
• Processing webhooks and API requests

Professional Hosting Solution for n8n

Want to avoid technical complexities? We have everything you need!

Our services:

• Optimized infrastructure: VPS and dedicated servers for n8n.
• Expert support: 24/7 assistance in Czech and English.
• Flexible plans and conditions: Configurations that match your needs.

Contact us and start automating business processes today!

This guide details the process of setting up Microsoft Outlook email client to work with an email account created in the cPanel hosting control panel. For detailed instructions on creating an email account, you can find information in our Knowledge Base: "How to create an email account in cPanel".

Before you begin setup, make sure you have the following information:

• Your email address (name@your-domain).
• Your email account password.
• IMAP incoming mail server (obtained when creating an email account in cPanel).
• SMTP outgoing mail server (obtained when creating an email account in cPanel).

You should also have Microsoft Outlook Email Client installed on your device.

Step 1: Launch Microsoft Outlook

1. Start the Microsoft Outlook program.

2. In the prompt window suggesting to create a new email account, select the "Advanced setup" option.

   

   Figure 1. Selecting the “Advanced setup” option when launching MS Outlook

3. On the next screen, select "Internet email".

   

   Figure 2. Selecting the “Internet email” option for email setup

Step 2: Enter Basic Settings

Enter the following data in the appropriate fields:

• Email address: Enter your full email address (in our example: example@your-domain.cz)
• User name: Enter the name that recipients will see
• Password: Enter your email account password

Figure 3. Data entry form for email account setup

Step 3: Configure Ports and Security

Continue filling out the form:

• Account type: Select IMAP4
• Incoming mail server: Specify the IMAP incoming mail server (obtained when creating an email account in cPanel)
• IMAP port: 993

Figure 4. IMAP protocol settings

• Outgoing mail server (SMTP): Specify the SMTP outgoing mail server (obtained when creating an email account in cPanel)
• SMTP port: 465

Figure 5. SMTP protocol settings

Step 4: Complete the Setup

1. After entering all data, click the "Sign in" button.
2. Wait for the setup process to complete.
3. After successful setup, you will see a confirmation message.

Figure 6. Confirmation of successful email account setup

Verify Settings

Make sure the following settings are established:

• Email address: name@your-domain
• Account (login): name@your-domain
• Password: your password
• IMAP server: incoming mail server (obtained when creating an email account in cPanel)
• IMAP port: 993
• SMTP server: outgoing mail server (obtained when creating an email account in cPanel)
• SMTP port: 465

Congratulations! You have successfully set up your mailbox in Microsoft Outlook.

Figure 7. “Inbox” folder

Enjoy working with your email and hosting from Host-telecom.com!

This guide is designed for Host-telecom.com customers who use virtual hosting services and want to set up corporate email on their domain. Corporate email with your domain name creates a professional image and strengthens customer trust. This step-by-step instruction details the process of creating an email account through the cPanel control panel. By following the directions below, you will quickly set up and start using corporate email on your domain.

The domain your-email.cz is used as an example in this guide.

Step 1: Log in to the cPanel Control Panel

1. In your browser, open the page: https://www.host-telecom.com/my-account/
2. Go to the "Hosting panel" section and click the "Enter" button
3. Enter your domain and login credentials received in the email when activating the virtual hosting service

Step 2: Go to Email Account Management

1. In the cPanel interface, open the "Email" section.

2. Select "Email Accounts".

   

   Figure 1. Email section interface in cPanel

Step 3: Create a New Email Account

1. On the email account management page, click the “Create” button.

   

   Figure 2. "Create" button on the email accounts management pagel

2. Fill out the form:

   • In the "Username" field, specify the name of the account (in our example: example)
   • Create a secure password for the account

3. Click the "Create" button to complete the process.

   

   Figure 3. Email account creation form

Step 4: Access the Created Email Account

1. The created email account will appear in the list on the "Email Accounts" management page.

2. To access the webmail interface, click the "Check Email" button next to the created account.

   

   Figure 4. "Check Email" button for email account access

Step 5: Verify Email Functionality through the Web Interface

1. Go to the page https://www.host-telecom.com/my-account/
2. Select the "Webmail" section.
3. The system will redirect you to the ROUNDCUBE web interface.

4. Click the "Open" button.

   

   Figure 5. Access to the webmail interface

5. Log in to the account using the created credentials.
6. Check the functionality of the email account by sending a test message.

Step 6: Get Parameters for Email Client Configuration

You can use the ROUNDCUBE web interface to work with your email or set up an email client. Next, we'll explain how to get the necessary parameters.

1. To get email client settings, click the "Configure Mail Client" button in the bottom left corner of the webmail interface.

   

   Figure 6. Configure Mail Client button

2. The page that opens will display all the necessary parameters for connecting to various email clients:

   

   Figure 7. Settings for email clients

Key configuration parameters:

• Email address: example@your-email.cz (provided only as an example!)
• Password: entered when creating the email account
• Incoming mail server IMAP: cz54.host-telecom.com (provided only as an example!)
• IMAP port: 993
• Outgoing mail server SMTP: cz54.host-telecom.com (provided only as an example!)
• SMTP port: 465
• IMAP, POP3, and SMTP require authentication

Congratulations! You have successfully set up an email account on your own domain in the cPanel control panel. Now you can use it both through the ROUNDCUBE web interface and through email clients.

Detailed instructions for setting up Microsoft Outlook email client can be found in our guide: "How to Set Up Microsoft Outlook Email Client."

If you have questions or technical problems, please contact Host-telecom.com support.

Additional Recommendations

• Periodically update your password to increase security.
• Create a professional signature for your emails.
• Set up an auto-responder for extended absences.

You can easily change the PHP version on your cPanel account by following these steps:

1. Log in to your cPanel account.
2. Navigate to the Software section and click on Select PHP Version.
3. Click on the PHP Version drop-down box and select your preferred PHP version.
4. Click on Apply button to save your PHP version change.

It is important to know which version of PHP is required for your web applications to avoid any unwanted errors. If any error occurs on your website after changing PHP version, revert back to the previous PHP version your website was using.

Benefits of Using cPanel's Site Quality Monitoring

Monitoring Tabs

Availability

Performance

Content

Crawling Tab

Interpreting Scores and Colors

Troubleshooting and Improving Website Performance

Practical Examples

Summary

Frequently Asked Questions

This tutorial will teach you how to install a LAMP stack on a virtual server.

LAMP is a suite of software including:

• Linux;
• Apache;
• MySQL;
• PHP.

This will allow you to run your own website after installing it.

We are going to use a virtual server, HT-VPS-5 tariff, 16 GB RAM and 160 GB SSD-drive. However, for the majority of basic tasks (blog, business card site) and projects that are not very demanding, a simpler HT-VPS-1 configuration will be fine. The operating system we use is the Linux distribution Ubuntu 20.04.

To begin with, allow us to have a look at the basics of running a website. Each site requires different components for its functionality. Typically, these include a web server, support for the programming language that the site is written in, and database support. Here we will guide you how to install Apache web server, PHP language support and MySQL database support.

SSH SETUP

We are going to do all operations using the prompt with the SSH protocol. You should know your IP address, username and password. You will receive this data for connection in an email when you order a virtual server.

Open a command prompt (terminal) on your local computer and input the command to connect.

shh root@XXX.XXX.XXX.XXX

Enter the address of your server instead of XXX.XXX.XXX.XXX.

If this is the first time you connect, you may see this message:

The authenticity of host 'XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX)' can't be established. RSA key fingerprint is SHA256:YaaqERsh9oMs/Qa5nlMJLlb4ewlJDGLaDGsuOcDzOs8. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Please just press 'yes' or the letter 'y', you will be asked to enter your password

Warning: Permanently added 'XXX.XXX.XXX.XXX' (RSA) to the list of known hosts. root@ip_XXX.XXX.XXX.XXX's password:

Type in the password and press 'Enter'.

When you connect to the server, you get to the command prompt on the server itself, i.e. in the system installed on the server.

Before you install any components, we recommend you upgrade your system to the latest up-to-date version.

Run the commands sequentially:

apt update

apt upgrade

An update of the system will start.

The next step is to reboot the server, you can do this using the reboot command.

Before proceeding to the LAMP installation, you need to perform the initial configuration of the server.

Right now you are logged in as root, which is insecure, so you should create a non-privileged user.

Let's run the adduser [username] command to do this, for instance:

adduser host-telecom

Next, enter the password for this user twice.

After that you will be asked to enter some user data (full name, phone number, etc.), but you don't have to enter all of this, you can just leave the fields blank by pressing 'enter' each time.

Now, you created a new user, although he doesn't have administrator rights. To give it root privileges, you need to add it to the sudo group.

Execute the command:

usermod -aG sudo host-telecom

UFW FIREWALL SETUP

To improve server security, we recommend to use the popular and simple to customize UFW firewall. Various applications can register their own profiles for UFW, meaning ready-made sets of security settings that you can activate. Let's output the list of current profiles with the command:

sudo ufw app list

Available applications: OpenSSH

The profile of the OpenSSH service is now available in our case, which allows us to connect to the server via SSH.

Activate this service using the command:

ufw allow OpenSSH

Rules updated Rules updated (v6)

Next, activate the firewall by command:

ufw enable

You will be warned that the current connection may be interrupted:

Command may disrupt existing ssh connections. Proceed with operation (y|n)?

But because you have enabled OpenSSH, don't be concerned and type 'y' and press 'Enter'.

Firewall is active and enabled on system startup

To check the status of the firewall run the command:

ufw status

You can see that it is active and the OpenSSH profile is also active:

Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6)

You allowed only SSH connections, and the firewall now blocks all other connections. Later, you will allow HTTP connections to open a website.

Here's a very important point: you need to connect using SSH, not as root, but as the host-telecom user you just created.

For this purpose, don't close your current SSH connection to root for now, but instead open a new terminal window and connect in it, just in case you might suddenly run into problems and be able to fix them.

In the new terminal window, run the command:

ssh host-telecom@XXX.XXX.XXX.XXX

Enter the password for the host-telecom user.

If all is successful, you will be prompted to enter commands, but you will be working under the host-telecom user, and all administrative commands will have to be executed via sudo, i.e. you will enter 'sudo' before each command.

You can close the SSH session with the root user by typing the 'exit' command.

APACHE WEB SERVER SETUP

To install the Apache web server, run the command:

sudo apt install apache2

Make changes to the firewall before testing the Apache web server.

Check the list of profiles:

sudo ufw app list

You will find that apart from OpenSSH, 3 new Apache profiles are also added. Each profile contains a set of settings:

• Apache — opens port 80, used by the http protocol;
• Apache Full — opens ports 80 and 443, used by http and https protocols;
• Apache Secure — opens port 443 only.

You need to apply Apache Full to allow both http and https traffic.

Run the command to activate the profile:

sudo ufw allow in "Apache Full"

Rule added Rule added (v6)

Once this is done, you can test how Apache works and open the default website.

For this purpose, open your browser and enter the IP address of the server. The following information page will appear:

Actually it is already a running website with a single HTML page.

MYSQL DATABASE SUPPORT SETUP

To install MySQL database support, run the command:

sudo apt install mysql-server

Once the installation is complete, we recommend running a special script that helps you set various security settings. Run the command to do this:

sudo mysql_secure_installation

Further you need to answer a few questions. The first is to enable the VALIDATE PASSWORD plugin, used to prevent simple passwords from being used when setting MySQL database passwords. To enable it, type 'y' and press 'enter'.

The next step asks you to set the level of password validation:

There are three levels of password validation policy: LOW Length >= 8 MEDIUM Length >= 8, numeric, mixed case, and special characters STRONG Length >= 8, numeric, mixed case, special characters and dictionary file Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG:

Choose medium: enter 1 and press 'enter'.

Then enter a strong password and confirm it.

You can answer all subsequent questions with 'y' and then press 'enter':

• request to remove an anonymous user,
• request to disable remote authorization of the root user,
• deleting the test database.

Once complete, you will be prompted to activate the settings and customizations you have made.

You will get a message as a result:

Success. All done!

PHP LANGUAGE SUPPORT SETUP

Further, you should install support for the PHP language. To do this, you need to install three packages:

• PHP
• libapache2-mod-php — a module that allows you to process PHP files,
• php-mysql — allows PHP to communicate with MySQL.

sudo apt install php libapache2-mod-php php-mysql

The LAMP installation is now complete.

However, before you can launch your site, you have to create a virtual host for it. Create a directory for your site and make the settings for your host.

Run the command:

sudo mkdir /var/www/mysite

Specify the domain of your site instead of mysite.

You created the directory using sudo, i.e. as root. Change the permissions and group for this directory to be under your host-telecom user.

sudo chown -R $USER:$USER /var/www/mysite

Then, you should create a configuration file for your virtual host. Configuration files are stored in the /etc/apache2/sites-available directory. Open the console text editor nano and create a configuration file. Run the command:

sudo nano /etc/apache2/sites-available/mysite.conf

Paste the following code:

<VirtualHost *:80> ServerName XXX.XXX.XXX.XXX ServerAlias XXX.XXX.XXX.XXX ServerAdmin host-telecom@localhost DocumentRoot /var/www/mysite ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>

Exit the nano editor by pressing Ctrl + X, and enter 'yes' to save the file..

To get your virtual host activated by the web server, run the command:

sudo a2ensite mysite

You need to restart the server to allow the changes to take effect. Run the command:

sudo systemctl reload apache2

Create a test page in your directory where your site files should be located. Open the nano text editor again:

nano /var/www/mysite/index.php

And add the following code in it:

<?php phpinfo();

This is a PHP function that displays detailed information about the current php configuration. Enter the IP address of your server into the address bar of your browser and you will see that you get a page with PHP configuration information.

We've reviewed the basic steps of setting up Apache, PHP, MySQL and learned how to create virtual hosts. Now you can install almost any CMS and launch your online business or blog.

CloudPanel is an opensource solution that allows you to easily install the LEMP stack (Linux, Nginx, MySQL and PHP) on your VPS or cloud server.

Based on the official documentation, CloudPanel is a cost-free and modern control panel for server configuration and management focused on simplicity.

CloudPanel was initially developed by MGT-COMMERCE GmbH, a Berlin-based company, over a decade ago purely to offer optimized hosting for Magento sites in the AWS cloud.

Nowadays, this free control panel has become one of the most capable control panels for Nginx servers, and is compatible with a wide range of PHP, Node.js, Static Websites and Python applications. At the same time, it's become more flexible.

Actually, with CloudPanel you can run any of your favorite applications on any cloud or dedicated server in just a few minutes.

At present, CloudPanel only supports Linux distributions - Debian 11 and Ubuntu 22.04.

The installation of CloudPanel is pretty simple and easy.

Let's see what CloudPanel has to offer before we start the installation:

Technical Requirements:

• Ubuntu 22.04 (Jammy Jellyfish) or Debian 11 (Bullseye)
• >= 1 CPU
• >= 2 GB RAM
• >= 10 GB Disk Space

In this guide we will use the Debian 11 distribution.

CloudPanel INSTALLATION

Connect to your server using ssh. To do this, open a terminal and enter the command:

ssh root@XXX.XXX.XXX.XXX

You need to update your system and install the necessary packages before running the installer.

apt update && apt -y upgrade && apt -y install curl wget sudo

Then run the installer with the desired database engine.

The installation is now complete. You can now access CloudPanel through your browser: https://XXX.XXX.XXX.XXX:8443.

Just ignore the warning about the self-signed certificate and click on "Advanced" and "Go to site..." to proceed with CloudPanel.

Then fill in all the information: name, email, username and password.

Confirm that you agree to the terms and conditions and privacy policy and click the "Create user" button.

There you go! Now you are ready to log in to CloudPanel.

VestaCP is a control panel with a wide variety of functionality that allows you to easily monitor and manage your server. This guide explains how to install VestaCP on your Linux VPS.

Minimum Specifications:

• CentOS 5, 6, 7, Debian 7, 8, 9, Ubuntu 12.04 - 18.10;
• RAM 512 Mb
• HDD 20 Gb
• CPU 1 Ghz

Connect to your server using ssh. Open a terminal and run the command:

ssh root@XXX.XXX.XXX.XXX

Enter the address of your server instead of XXX.XXX.XXX.XXX.XXX.

Before you run the installer, the system must be updated and the necessary packages must be installed.

apt update && apt -y upgrade && apt -y install curl wget sudo

Next, load the installation script with the command:

curl -O http://vestacp.com/pub/vst-install.sh

Then run the script:

bash vst-install.sh

During the installation, you will be asked to answer several questions:

Enter the requested data and press Enter.

Once the installation is complete, you will be prompted for a login and password to access the control panel.

After the installation and configuration of the caching DNS server, if the server can be accessed at an external (white) address, you should check that the server responds only to requests from trusted hosts (clients). If the server responds to requests from all hosts, this server is called DNS Open Resolver.

The risk exists that DNS Open Resolver can be exploited by attackers to perform various types of attacks:

• Loading the server with random DNS requests, blocking the channel with traffic. This can cause a denial of service (DoS) and make the DNS service inaccessible to other users.
• Sending special requests to a server with a fake source IP address in order to organize an attack on a third host that involves your server. DNS Open Resolver will send responses to this spoofed address, which can lead to a high volume of network traffic aimed at the victim of the attack. Such an attack is called DNS Amplification.
• Replace responses to your server with false data that will get into the cache (Cache Poisoning). When a client computer accesses a DNS server that is compromised this way, it may obtain false or malicious IP addresses for domain names.

On receiving a recursive request, the server either returns an answer to the request or an error message. The server performs all data searching and querying of other servers. In case of receiving an iterative request, the server can return the address of another server rather than the answer, and then the client will forward this request to the specified server.

How to check if a server is open

You can check if your server is open to recursive requests at https://openresolver.com/.

Or with commands that perform requests to DNS:

dig +short @XXX.XXX.XXX.XXX mysite.ru

host mysite.ru XXX.XXX.XXX.XXX

nslookup mysite.ru XXX.XXX.XXX.XXX

As XXX.XXX.XXX.XXX enter the IP address of the server to be checked. The example name is mysite.ru, you can check any.

If the request gives an IP address when requested from any host, then your server is DNS Open Resolver.

How to turn off or limit access to only authorized hosts/networks

1. Limit access to the server port (udp/53) on the network perimeter, or locally on the DNS server itself.
2. If you want the server to be responsible for only one or a few specific zones, you can turn off recursive queries by adding the “recursion no;” option to the named.conf configuration file (named.conf.local or other, depending on your settings).
3. Enable recursive requests for trusted networks/hosts only, example: “allow-recursion { localhost; 10.16.0.0.0/16; };” (10.16.0.0.0/16 — replace with trusted addresses).